DBActive

Add a Quick Poll to Your Web Site
Summary: Duncan Mackenzie describes his process to build a “Quick Poll” using Visual Basic and ASP.NET.

Recent discussions have motivated me to add some “anti-repeat-voting” code to this sample… I”ve finished up most of the changes, so grab the sample from the article if you are interested and then watch this space for more information on the additions!

Source

Add a Quick Poll to Your Web Site
Summary: Duncan Mackenzie describes his process to build a “Quick Poll” using Visual Basic and ASP.NET.

Recent discussions have motivated me to add some “anti-repeat-voting” code to this sample… I”ve finished up most of the changes, so grab the sample from the article if you are interested and then watch this space for more information on the additions!

Source

On the World Wide Web, you cannot speak face to face with your customer so you have to establish credibility in other ways.

I was just talking with J.D. Meier (from PAG) about the Improving Application Security book and he pointed out a great page to me… the “Solutions At A Glance” list… this page lists a ton of very frequently asked questions around .NET security and provides links deep into all that great PAG security info.

Some examples;

• How to write secure managed code

  Use strong names to digitally sign your assemblies and to make them tamperproof. At the same time you need to be aware of strong name issues when you use strong name assemblies with ASP.NET. Reduce your assembly attack profile by adhering to solid object oriented design principles, and then use code access security to further restrict which code can call your code. Use structured exception handling to prevent sensitive information from propagating beyond your current trust boundary and to develop more robust code. Avoid canonicalization issues, particularly with input file names and URLs.

  For information about how to improve the security of your managed code, see Chapter 7, “Building Secure Assemblies.” For more information about how to use code access security effectively to further improve security, see Chapter 8, “Code Access Security in Practice.” For information about performing managed code reviews, see Chapter 21, “Code Review.”

and

• How to prevent SQL injection

  Use parameterized stored procedures for data access. The use of parameters ensures that input values are checked for type and length. Parameters are also treated as safe literal values and not executable code within the database. If you cannot use stored procedures, use SQL statements with parameters. Do not build SQL statements by concatenating input values with SQL commands. Also, ensure that your application uses a least privileged database login to constrain its capabilities in the database.

  For more information about SQL injection and for further countermeasures, see “SQL Injection” in Chapter 14, “Building Secure Data Access.”

For a ton more questions and answers, you can check out the entire page here

Source

I was just talking with J.D. Meier (from PAG) about the Improving Application Security book and he pointed out a great page to me… the “Solutions At A Glance” list… this page lists a ton of very frequently asked questions around .NET security and provides links deep into all that great PAG security info.

Some examples;

• How to write secure managed code

  Use strong names to digitally sign your assemblies and to make them tamperproof. At the same time you need to be aware of strong name issues when you use strong name assemblies with ASP.NET. Reduce your assembly attack profile by adhering to solid object oriented design principles, and then use code access security to further restrict which code can call your code. Use structured exception handling to prevent sensitive information from propagating beyond your current trust boundary and to develop more robust code. Avoid canonicalization issues, particularly with input file names and URLs.

  For information about how to improve the security of your managed code, see Chapter 7, “Building Secure Assemblies.” For more information about how to use code access security effectively to further improve security, see Chapter 8, “Code Access Security in Practice.” For information about performing managed code reviews, see Chapter 21, “Code Review.”

and

• How to prevent SQL injection

  Use parameterized stored procedures for data access. The use of parameters ensures that input values are checked for type and length. Parameters are also treated as safe literal values and not executable code within the database. If you cannot use stored procedures, use SQL statements with parameters. Do not build SQL statements by concatenating input values with SQL commands. Also, ensure that your application uses a least privileged database login to constrain its capabilities in the database.

  For more information about SQL injection and for further countermeasures, see “SQL Injection” in Chapter 14, “Building Secure Data Access.”

For a ton more questions and answers, you can check out the entire page here

Source

I noticed yesterday that my poll wasn”t showing the question on the top of the list of choices, or the list of results. Viewing the source made it pretty obvious the <asp:label> was rendering, but that it was empty. Checking my code everything seemed fine, but when I retrieved the poll details through a Stored Proc I was using an Output param for the question text and it was always blank. Well, I knew there was an entire article on MSDN on this exact topic… and a quick search on “Vaughn” on MSDN took me right to the article I knew would show me exactly what I needed to do.

Retrieving the Gazoutas: Understanding SQL Server Return Codes and Output Parameters

William Vaughn

Summary: Discusses how to capture, interrupt, and handle resultsets and rowsets, as well as the extra information that they return when executing a Microsoft SQL Server query. (7 printed pages)

Yep… turns out I had goofed up, I was calling the stored proc with ExecuteReader, but I was trying to read those params before I had closed the data reader. So I made one change to my code;

Dim dr As SqlDataReader = _     cmdGetPollDetails.ExecuteReader( _     CommandBehavior.CloseConnection) If dr.HasRows Then     Dim po As PollOption     Do While dr.Read         po = New PollOption         po.OptionID = dr.GetInt32(0)         po.OptionText = dr.GetString(1)         result.Options.Add(po)     Loop     result.ID = pollID     result.Name = CStr( _         cmdGetPollDetails.Parameters(“@PollName”).Value)     result.Question = CStr( _         cmdGetPollDetails.Parameters(“@PollQuestion”).Value)     dr.Close()     Return result Else     dr.Close()     Return Nothing End If 

I just moved the dr.Close( ) up to right after the end of the Do loop…

    Loop     dr.Close()     result.ID = pollID     result.Name = CStr( _         cmdGetPollDetails.Parameters(“@PollName”).Value)     result.Question = CStr( _         cmdGetPollDetails.Parameters(“@PollQuestion”).Value)     Return result 

Source

I noticed yesterday that my poll wasn”t showing the question on the top of the list of choices, or the list of results. Viewing the source made it pretty obvious the <asp:label> was rendering, but that it was empty. Checking my code everything seemed fine, but when I retrieved the poll details through a Stored Proc I was using an Output param for the question text and it was always blank. Well, I knew there was an entire article on MSDN on this exact topic… and a quick search on “Vaughn” on MSDN took me right to the article I knew would show me exactly what I needed to do.

Retrieving the Gazoutas: Understanding SQL Server Return Codes and Output Parameters

William Vaughn

Summary: Discusses how to capture, interrupt, and handle resultsets and rowsets, as well as the extra information that they return when executing a Microsoft SQL Server query. (7 printed pages)

Yep… turns out I had goofed up, I was calling the stored proc with ExecuteReader, but I was trying to read those params before I had closed the data reader. So I made one change to my code;

Dim dr As SqlDataReader = _

    cmdGetPollDetails.ExecuteReader( _

    CommandBehavior.CloseConnection)

If dr.HasRows Then

    Dim po As PollOption

    Do While dr.Read

        po = New PollOption

        po.OptionID = dr.GetInt32(0)

        po.OptionText = dr.GetString(1)

        result.Options.Add(po)

    Loop

    result.ID = pollID

    result.Name = CStr( _

        cmdGetPollDetails.Parameters(“@PollName”).Value)

    result.Question = CStr( _

        cmdGetPollDetails.Parameters(“@PollQuestion”).Value)

    dr.Close()

    Return result

Else

    dr.Close()

    Return Nothing

End If

I just moved the dr.Close( ) up to right after the end of the Do loop…

    Loop

    dr.Close()

    result.ID = pollID

    result.Name = CStr( _

        cmdGetPollDetails.Parameters(“@PollName”).Value)

    result.Question = CStr( _

        cmdGetPollDetails.Parameters(“@PollQuestion”).Value)

    Return result

Source

I blame google.

(250 + comments so far, not counting the ones I”ve had to remove)

Source

I blame google.

(250 + comments so far, not counting the ones I”ve had to remove)

Source

Even if you have hundreds of visitors per day, web surfers still might not purchase something on your website. Why do visitors sometimes don’t convert into sales? We’ll show you several reasons that can prevent surfers from buying on your website.